security · 10cfaa7456d70696a89d423ce1cb0fd22967773a · Upstream / linux-stable

selinux: properly handle multiple messages in selinux_netlink_send()

Paul Moore authored 5 years ago

commit fb739741

 upstream.

Fix the SELinux netlink_send hook to properly handle multiple netlink
messages in a single sk_buff; each message is parsed and subject to
SELinux access control.  Prior to this patch, SELinux only inspected
the first message in the sk_buff.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

eeef0d9f

Name	Last commit	Last update
..
apparmor	apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock	5 years ago
integrity	efi: Only print errors about failing to get certs if EFI vars are found	5 years ago
keys	KEYS: Avoid false positive ENOMEM error on key read	5 years ago
loadpin	proc/sysctl: add shared variables for range check	5 years ago
lockdown	efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN	5 years ago
safesetid	LSM: SafeSetID: Stop releasing uninitialized ruleset	5 years ago
selinux	selinux: properly handle multiple messages in selinux_netlink_send()	5 years ago
smack	broken ping to ipv6 linklocal addresses on debian buster	5 years ago
tomoyo	tomoyo: Use atomic_t for statistics counter	5 years ago
yama	proc/sysctl: add shared variables for range check	5 years ago
Kconfig	Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	5 years ago
Kconfig.hardening	Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux	5 years ago
Makefile	security: Add a static lockdown policy LSM	5 years ago
commoncap.c	Merge branch 'next-lsm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	6 years ago
device_cgroup.c	docs: cgroup-v1: add it to the admin-guide book	5 years ago
inode.c	Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	5 years ago
lsm_audit.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500	6 years ago
min_addr.c	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	7 years ago
security.c	Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	5 years ago

GitLab

Menu

Download source code

Download this directory